File: | src/libexec/spamd/spamd.c |
Warning: | line 1064, column 12 Null pointer passed as 1st argument to string length function |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: spamd.c,v 1.158 2021/07/14 13:33:57 kn Exp $ */ | |||
2 | ||||
3 | /* | |||
4 | * Copyright (c) 2015 Henning Brauer <henning@openbsd.org> | |||
5 | * Copyright (c) 2002-2007 Bob Beck. All rights reserved. | |||
6 | * Copyright (c) 2002 Theo de Raadt. All rights reserved. | |||
7 | * | |||
8 | * Permission to use, copy, modify, and distribute this software for any | |||
9 | * purpose with or without fee is hereby granted, provided that the above | |||
10 | * copyright notice and this permission notice appear in all copies. | |||
11 | * | |||
12 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |||
13 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |||
14 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |||
15 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |||
16 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |||
17 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |||
18 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |||
19 | */ | |||
20 | ||||
21 | #include <sys/types.h> | |||
22 | #include <sys/socket.h> | |||
23 | #include <sys/sysctl.h> | |||
24 | #include <sys/resource.h> | |||
25 | #include <sys/signal.h> | |||
26 | #include <sys/stat.h> | |||
27 | ||||
28 | #include <netinet/in.h> | |||
29 | #include <arpa/inet.h> | |||
30 | ||||
31 | #include <err.h> | |||
32 | #include <errno(*__errno()).h> | |||
33 | #include <fcntl.h> | |||
34 | #include <limits.h> | |||
35 | #include <poll.h> | |||
36 | #include <pwd.h> | |||
37 | #include <stdio.h> | |||
38 | #include <stdlib.h> | |||
39 | #include <string.h> | |||
40 | #include <syslog.h> | |||
41 | #include <unistd.h> | |||
42 | #include <limits.h> | |||
43 | #include <tls.h> | |||
44 | ||||
45 | #include <netdb.h> | |||
46 | ||||
47 | #include "sdl.h" | |||
48 | #include "grey.h" | |||
49 | #include "sync.h" | |||
50 | ||||
51 | struct con { | |||
52 | struct pollfd *pfd; | |||
53 | int state; | |||
54 | int laststate; | |||
55 | int af; | |||
56 | int il; | |||
57 | struct sockaddr_storage ss; | |||
58 | void *ia; | |||
59 | char addr[32]; | |||
60 | char caddr[32]; | |||
61 | char helo[MAX_MAIL1024], mail[MAX_MAIL1024], rcpt[MAX_MAIL1024]; | |||
62 | struct sdlist **blacklists; | |||
63 | struct tls *cctx; | |||
64 | ||||
65 | /* | |||
66 | * we will do stuttering by changing these to time_t's of | |||
67 | * now + n, and only advancing when the time is in the past/now | |||
68 | */ | |||
69 | time_t r; | |||
70 | time_t w; | |||
71 | time_t s; | |||
72 | ||||
73 | char ibuf[8192]; | |||
74 | char *ip; | |||
75 | char rend[5]; /* any chars in here causes input termination */ | |||
76 | ||||
77 | char *obuf; | |||
78 | char *lists; | |||
79 | size_t osize; | |||
80 | char *op; | |||
81 | int ol; | |||
82 | int data_lines; | |||
83 | int data_body; | |||
84 | int stutter; | |||
85 | int badcmd; | |||
86 | int sr; | |||
87 | int tlsaction; | |||
88 | } *con; | |||
89 | ||||
90 | #define SPAMD_TLS_ACT_NONE0 0 | |||
91 | #define SPAMD_TLS_ACT_READ_POLLIN1 1 | |||
92 | #define SPAMD_TLS_ACT_READ_POLLOUT2 2 | |||
93 | #define SPAMD_TLS_ACT_WRITE_POLLIN3 3 | |||
94 | #define SPAMD_TLS_ACT_WRITE_POLLOUT4 4 | |||
95 | ||||
96 | #define SPAMD_USER"_spamd" "_spamd" | |||
97 | ||||
98 | void usage(void); | |||
99 | char *grow_obuf(struct con *, int); | |||
100 | int parse_configline(char *); | |||
101 | void parse_configs(void); | |||
102 | void do_config(void); | |||
103 | int append_error_string (struct con *, size_t, char *, int, void *); | |||
104 | void doreply(struct con *); | |||
105 | void setlog(char *, size_t, char *); | |||
106 | void initcon(struct con *, int, struct sockaddr *); | |||
107 | void closecon(struct con *); | |||
108 | int match(const char *, const char *); | |||
109 | void nextstate(struct con *); | |||
110 | void handler(struct con *); | |||
111 | void handlew(struct con *, int one); | |||
112 | char *loglists(struct con *); | |||
113 | void getcaddr(struct con *); | |||
114 | void gethelo(char *, size_t, char *); | |||
115 | int read_configline(FILE *); | |||
116 | void spamd_tls_init(void); | |||
117 | void check_spamd_db(void); | |||
118 | void blackcheck(int); | |||
119 | ||||
120 | char hostname[HOST_NAME_MAX255+1]; | |||
121 | struct syslog_data sdata = SYSLOG_DATA_INIT{0, (const char *)0, (1<<3), 0xff}; | |||
122 | char *nreply = "450"; | |||
123 | char *spamd = "spamd IP-based SPAM blocker"; | |||
124 | int greyback[2]; | |||
125 | int greypipe[2]; | |||
126 | int trappipe[2]; | |||
127 | FILE *grey; | |||
128 | FILE *trapcfg; | |||
129 | time_t passtime = PASSTIME(60 * 25); | |||
130 | time_t greyexp = GREYEXP(60 * 60 * 4); | |||
131 | time_t whiteexp = WHITEEXP(60 * 60 * 24 * 36); | |||
132 | time_t trapexp = TRAPEXP(60 * 60 * 24); | |||
133 | struct passwd *pw; | |||
134 | pid_t jail_pid = -1; | |||
135 | u_short cfg_port; | |||
136 | u_short sync_port; | |||
137 | struct tls_config *tlscfg; | |||
138 | struct tls *tlsctx; | |||
139 | char *tlskeyfile = NULL((void*)0); | |||
140 | char *tlscertfile = NULL((void*)0); | |||
141 | ||||
142 | extern struct sdlist *blacklists; | |||
143 | extern int pfdev; | |||
144 | extern char *low_prio_mx_ip; | |||
145 | ||||
146 | time_t slowdowntill; | |||
147 | ||||
148 | int conffd = -1; | |||
149 | int trapfd = -1; | |||
150 | char *cb; | |||
151 | size_t cbs, cbu; | |||
152 | ||||
153 | time_t t; | |||
154 | ||||
155 | #define MAXCON800 800 | |||
156 | int maxfiles; | |||
157 | int maxcon = MAXCON800; | |||
158 | int maxblack = MAXCON800; | |||
159 | int blackcount; | |||
160 | int clients; | |||
161 | int debug; | |||
162 | int greylist = 1; | |||
163 | int grey_stutter = 10; | |||
164 | int verbose; | |||
165 | int stutter = 1; | |||
166 | int window; | |||
167 | int syncrecv; | |||
168 | int syncsend; | |||
169 | #define MAXTIME400 400 | |||
170 | ||||
171 | #define MAXIMUM(a,b)(((a)>(b))?(a):(b)) (((a)>(b))?(a):(b)) | |||
172 | ||||
173 | void | |||
174 | usage(void) | |||
175 | { | |||
176 | extern char *__progname; | |||
177 | ||||
178 | fprintf(stderr(&__sF[2]), | |||
179 | "usage: %s [-45bdv] [-B maxblack] [-C file] [-c maxcon] " | |||
180 | "[-G passtime:greyexp:whiteexp]\n" | |||
181 | "\t[-h hostname] [-K file] [-l address] [-M address] [-n name]\n" | |||
182 | "\t[-p port] [-S secs] [-s secs] " | |||
183 | "[-w window] [-Y synctarget] [-y synclisten]\n", | |||
184 | __progname); | |||
185 | ||||
186 | exit(1); | |||
187 | } | |||
188 | ||||
189 | char * | |||
190 | grow_obuf(struct con *cp, int off) | |||
191 | { | |||
192 | char *tmp; | |||
193 | ||||
194 | tmp = realloc(cp->obuf, cp->osize + 8192); | |||
195 | if (tmp == NULL((void*)0)) { | |||
196 | free(cp->obuf); | |||
197 | cp->obuf = NULL((void*)0); | |||
198 | cp->osize = 0; | |||
199 | return (NULL((void*)0)); | |||
200 | } else { | |||
201 | cp->osize += 8192; | |||
202 | cp->obuf = tmp; | |||
203 | return (cp->obuf + off); | |||
204 | } | |||
205 | } | |||
206 | ||||
207 | int | |||
208 | parse_configline(char *line) | |||
209 | { | |||
210 | char *cp, prev, *name, *msg, *tmp; | |||
211 | char **v4 = NULL((void*)0), **v6 = NULL((void*)0); | |||
212 | const char *errstr; | |||
213 | u_int nv4 = 0, nv6 = 0; | |||
214 | int mdone = 0; | |||
215 | sa_family_t af; | |||
216 | ||||
217 | name = line; | |||
218 | ||||
219 | for (cp = name; *cp && *cp != ';'; cp++) | |||
220 | ; | |||
221 | if (*cp != ';') | |||
222 | goto parse_error; | |||
223 | *cp++ = '\0'; | |||
224 | if (!*cp) { | |||
225 | sdl_del(name); | |||
226 | return (0); | |||
227 | } | |||
228 | msg = cp; | |||
229 | if (*cp++ != '"') | |||
230 | goto parse_error; | |||
231 | prev = '\0'; | |||
232 | for (; !mdone; cp++) { | |||
233 | switch (*cp) { | |||
234 | case '\\': | |||
235 | if (!prev) | |||
236 | prev = *cp; | |||
237 | else | |||
238 | prev = '\0'; | |||
239 | break; | |||
240 | case '"': | |||
241 | if (prev != '\\') { | |||
242 | cp++; | |||
243 | if (*cp == ';') { | |||
244 | mdone = 1; | |||
245 | *cp = '\0'; | |||
246 | } else { | |||
247 | if (debug > 0) | |||
248 | printf("bad message: %s\n", msg); | |||
249 | goto parse_error; | |||
250 | } | |||
251 | } | |||
252 | break; | |||
253 | case '\0': | |||
254 | if (debug > 0) | |||
255 | printf("bad message: %s\n", msg); | |||
256 | goto parse_error; | |||
257 | default: | |||
258 | prev = '\0'; | |||
259 | break; | |||
260 | } | |||
261 | } | |||
262 | ||||
263 | while ((tmp = strsep(&cp, ";")) != NULL((void*)0)) { | |||
264 | char **av; | |||
265 | u_int au, ac; | |||
266 | ||||
267 | if (*tmp == '\0') | |||
268 | continue; | |||
269 | ||||
270 | if (strncmp(tmp, "inet", 4) != 0) | |||
271 | goto parse_error; | |||
272 | switch (tmp[4]) { | |||
273 | case '\0': | |||
274 | af = AF_INET2; | |||
275 | break; | |||
276 | case '6': | |||
277 | if (tmp[5] == '\0') { | |||
278 | af = AF_INET624; | |||
279 | break; | |||
280 | } | |||
281 | /* FALLTHROUGH */ | |||
282 | default: | |||
283 | if (debug > 0) | |||
284 | printf("unsupported address family: %s\n", tmp); | |||
285 | goto parse_error; | |||
286 | } | |||
287 | ||||
288 | tmp = strsep(&cp, ";"); | |||
289 | if (tmp == NULL((void*)0)) { | |||
290 | if (debug > 0) | |||
291 | printf("missing address count\n"); | |||
292 | goto parse_error; | |||
293 | } | |||
294 | ac = strtonum(tmp, 0, UINT_MAX(2147483647 *2U +1U), &errstr); | |||
295 | if (errstr != NULL((void*)0)) { | |||
296 | if (debug > 0) | |||
297 | printf("count \"%s\" is %s\n", tmp, errstr); | |||
298 | goto parse_error; | |||
299 | } | |||
300 | ||||
301 | av = reallocarray(NULL((void*)0), ac, sizeof(char *)); | |||
302 | for (au = 0; au < ac; au++) { | |||
303 | tmp = strsep(&cp, ";"); | |||
304 | if (tmp == NULL((void*)0)) { | |||
305 | if (debug > 0) | |||
306 | printf("expected %u addrs, got %u\n", | |||
307 | ac, au + 1); | |||
308 | free(av); | |||
309 | goto parse_error; | |||
310 | } | |||
311 | if (*tmp == '\0') | |||
312 | continue; | |||
313 | av[au] = tmp; | |||
314 | } | |||
315 | if (af == AF_INET2) { | |||
316 | if (v4 != NULL((void*)0)) { | |||
317 | if (debug > 0) | |||
318 | printf("duplicate inet\n"); | |||
319 | goto parse_error; | |||
320 | } | |||
321 | v4 = av; | |||
322 | nv4 = ac; | |||
323 | } else { | |||
324 | if (v6 != NULL((void*)0)) { | |||
325 | if (debug > 0) | |||
326 | printf("duplicate inet6\n"); | |||
327 | goto parse_error; | |||
328 | } | |||
329 | v6 = av; | |||
330 | nv6 = ac; | |||
331 | } | |||
332 | } | |||
333 | if (nv4 == 0 && nv6 == 0) { | |||
334 | if (debug > 0) | |||
335 | printf("no addresses\n"); | |||
336 | goto parse_error; | |||
337 | } | |||
338 | sdl_add(name, msg, v4, nv4, v6, nv6); | |||
339 | free(v4); | |||
340 | free(v6); | |||
341 | return (0); | |||
342 | ||||
343 | parse_error: | |||
344 | if (debug > 0) | |||
345 | printf("bogus config line - need 'tag;message;af;count;a/m;a/m;a/m...'\n"); | |||
346 | free(v4); | |||
347 | free(v6); | |||
348 | return (-1); | |||
349 | } | |||
350 | ||||
351 | void | |||
352 | parse_configs(void) | |||
353 | { | |||
354 | char *start, *end; | |||
355 | size_t i; | |||
356 | ||||
357 | /* We always leave an extra byte for the NUL. */ | |||
358 | cb[cbu++] = '\0'; | |||
359 | ||||
360 | start = cb; | |||
361 | end = start; | |||
362 | for (i = 0; i < cbu; i++) { | |||
363 | if (*end == '\n') { | |||
364 | *end = '\0'; | |||
365 | if (end > start + 1) | |||
366 | parse_configline(start); | |||
367 | start = ++end; | |||
368 | } else | |||
369 | ++end; | |||
370 | } | |||
371 | if (end > start + 1) | |||
372 | parse_configline(start); | |||
373 | } | |||
374 | ||||
375 | void | |||
376 | do_config(void) | |||
377 | { | |||
378 | int n; | |||
379 | ||||
380 | if (debug > 0) | |||
381 | printf("got configuration connection\n"); | |||
382 | ||||
383 | /* Leave an extra byte for the terminating NUL. */ | |||
384 | if (cbu + 1 >= cbs) { | |||
385 | char *tmp; | |||
386 | ||||
387 | tmp = realloc(cb, cbs + (1024 * 1024)); | |||
388 | if (tmp == NULL((void*)0)) { | |||
389 | if (debug > 0) | |||
390 | warn("realloc"); | |||
391 | goto configdone; | |||
392 | } | |||
393 | cbs += 1024 * 1024; | |||
394 | cb = tmp; | |||
395 | } | |||
396 | ||||
397 | n = read(conffd, cb + cbu, cbs - cbu); | |||
398 | if (debug > 0) | |||
399 | printf("read %d config bytes\n", n); | |||
400 | if (n == 0) { | |||
401 | if (cbu != 0) | |||
402 | parse_configs(); | |||
403 | goto configdone; | |||
404 | } else if (n == -1) { | |||
405 | if (debug > 0) | |||
406 | warn("read"); | |||
407 | goto configdone; | |||
408 | } else | |||
409 | cbu += n; | |||
410 | return; | |||
411 | ||||
412 | configdone: | |||
413 | free(cb); | |||
414 | cb = NULL((void*)0); | |||
415 | cbs = 0; | |||
416 | cbu = 0; | |||
417 | close(conffd); | |||
418 | conffd = -1; | |||
419 | slowdowntill = 0; | |||
420 | } | |||
421 | ||||
422 | int | |||
423 | read_configline(FILE *config) | |||
424 | { | |||
425 | char *buf; | |||
426 | size_t len; | |||
427 | ||||
428 | if ((buf = fgetln(config, &len))) { | |||
429 | if (buf[len - 1] == '\n') | |||
430 | buf[len - 1] = '\0'; | |||
431 | else | |||
432 | return (-1); /* all valid lines end in \n */ | |||
433 | parse_configline(buf); | |||
434 | } else { | |||
435 | syslog_r(LOG_DEBUG7, &sdata, "read_configline: fgetln (%m)"); | |||
436 | return (-1); | |||
437 | } | |||
438 | return (0); | |||
439 | } | |||
440 | ||||
441 | void | |||
442 | spamd_tls_init() | |||
443 | { | |||
444 | if (tlskeyfile == NULL((void*)0) && tlscertfile == NULL((void*)0)) | |||
445 | return; | |||
446 | if (tlskeyfile == NULL((void*)0) || tlscertfile == NULL((void*)0)) | |||
447 | errx(1, "need key and certificate for TLS"); | |||
448 | ||||
449 | if ((tlscfg = tls_config_new()) == NULL((void*)0)) | |||
450 | errx(1, "failed to get tls config"); | |||
451 | if ((tlsctx = tls_server()) == NULL((void*)0)) | |||
452 | errx(1, "failed to get tls server"); | |||
453 | ||||
454 | if (tls_config_set_protocols(tlscfg, TLS_PROTOCOLS_ALL((1 << 1)|(1 << 2)| (1 << 3)|(1 << 4) )) != 0) | |||
455 | errx(1, "failed to set tls protocols"); | |||
456 | ||||
457 | /* might need user-specified ciphers, tls_config_set_ciphers */ | |||
458 | if (tls_config_set_ciphers(tlscfg, "all") != 0) | |||
459 | errx(1, "failed to set tls ciphers"); | |||
460 | ||||
461 | if (tls_config_set_cert_file(tlscfg, tlscertfile) == -1) | |||
462 | errx(1, "unable to set TLS certificate file %s", tlscertfile); | |||
463 | if (tls_config_set_key_file(tlscfg, tlskeyfile) == -1) | |||
464 | errx(1, "unable to set TLS key file %s", tlskeyfile); | |||
465 | if (tls_configure(tlsctx, tlscfg) != 0) | |||
466 | errx(1, "failed to configure TLS - %s", tls_error(tlsctx)); | |||
467 | ||||
468 | /* set hostname to cert's CN unless explicitly given? */ | |||
469 | } | |||
470 | ||||
471 | int | |||
472 | append_error_string(struct con *cp, size_t off, char *fmt, int af, void *ia) | |||
473 | { | |||
474 | char sav = '\0'; | |||
475 | static int lastcont = 0; | |||
476 | char *c = cp->obuf + off; | |||
477 | char *s = fmt; | |||
478 | size_t len = cp->osize - off; | |||
479 | int i = 0; | |||
480 | ||||
481 | if (off
| |||
482 | lastcont = 0; | |||
483 | ||||
484 | if (lastcont
| |||
485 | cp->obuf[lastcont] = '-'; | |||
486 | snprintf(c, len, "%s ", nreply); | |||
487 | i += strlen(c); | |||
488 | lastcont = off + i - 1; | |||
489 | if (*s == '"') | |||
490 | s++; | |||
491 | while (*s) { | |||
492 | /* | |||
493 | * Make sure we at minimum, have room to add a | |||
494 | * format code (4 bytes), and a v6 address(39 bytes) | |||
495 | * and a byte saved in sav. | |||
496 | */ | |||
497 | if (i >= len - 46) { | |||
498 | c = grow_obuf(cp, off); | |||
499 | if (c
| |||
500 | return (-1); | |||
501 | len = cp->osize - (off + i); | |||
502 | } | |||
503 | ||||
504 | if (c[i-1] == '\n') { | |||
505 | if (lastcont != 0) | |||
506 | cp->obuf[lastcont] = '-'; | |||
507 | snprintf(c + i, len, "%s ", nreply); | |||
508 | i += strlen(c); | |||
509 | lastcont = off + i - 1; | |||
510 | } | |||
511 | ||||
512 | switch (*s) { | |||
513 | case '\\': | |||
514 | case '%': | |||
515 | if (!sav) | |||
516 | sav = *s; | |||
517 | else { | |||
518 | c[i++] = sav; | |||
519 | sav = '\0'; | |||
520 | c[i] = '\0'; | |||
521 | } | |||
522 | break; | |||
523 | case '"': | |||
524 | case 'A': | |||
525 | case 'n': | |||
526 | if (*(s+1) == '\0') { | |||
527 | break; | |||
528 | } | |||
529 | if (sav == '\\' && *s == 'n') { | |||
530 | c[i++] = '\n'; | |||
531 | sav = '\0'; | |||
532 | c[i] = '\0'; | |||
533 | break; | |||
534 | } else if (sav == '\\' && *s == '"') { | |||
535 | c[i++] = '"'; | |||
536 | sav = '\0'; | |||
537 | c[i] = '\0'; | |||
538 | break; | |||
539 | } else if (sav == '%' && *s == 'A') { | |||
540 | inet_ntop(af, ia, c + i, (len - i)); | |||
541 | i += strlen(c + i); | |||
542 | sav = '\0'; | |||
543 | break; | |||
544 | } | |||
545 | /* FALLTHROUGH */ | |||
546 | default: | |||
547 | if (sav) | |||
548 | c[i++] = sav; | |||
549 | c[i++] = *s; | |||
550 | sav = '\0'; | |||
551 | c[i] = '\0'; | |||
552 | break; | |||
553 | } | |||
554 | s++; | |||
555 | } | |||
556 | return (i); | |||
557 | } | |||
558 | ||||
559 | char * | |||
560 | loglists(struct con *cp) | |||
561 | { | |||
562 | static char matchlists[80]; | |||
563 | struct sdlist **matches; | |||
564 | int s = sizeof(matchlists) - 4; | |||
565 | ||||
566 | matchlists[0] = '\0'; | |||
567 | matches = cp->blacklists; | |||
568 | if (matches == NULL((void*)0)) | |||
569 | return (NULL((void*)0)); | |||
570 | for (; *matches; matches++) { | |||
571 | ||||
572 | /* don't report an insane amount of lists in the logs. | |||
573 | * just truncate and indicate with ... | |||
574 | */ | |||
575 | if (strlen(matchlists) + strlen(matches[0]->tag) + 1 >= s) | |||
576 | strlcat(matchlists, " ...", sizeof(matchlists)); | |||
577 | else { | |||
578 | strlcat(matchlists, " ", s); | |||
579 | strlcat(matchlists, matches[0]->tag, s); | |||
580 | } | |||
581 | } | |||
582 | return matchlists; | |||
583 | } | |||
584 | ||||
585 | void | |||
586 | doreply(struct con *cp) | |||
587 | { | |||
588 | struct sdlist **matches; | |||
589 | int off = 0; | |||
590 | ||||
591 | matches = cp->blacklists; | |||
592 | if (matches == NULL((void*)0)) | |||
593 | goto nomatch; | |||
594 | for (; *matches; matches++) { | |||
595 | int used = 0; | |||
596 | int left = cp->osize - off; | |||
597 | ||||
598 | used = append_error_string(cp, off, matches[0]->string, | |||
599 | cp->af, cp->ia); | |||
600 | if (used == -1) | |||
601 | goto bad; | |||
602 | off += used; | |||
603 | left -= used; | |||
604 | if (cp->obuf[off - 1] != '\n') { | |||
605 | if (left < 1) { | |||
606 | if (grow_obuf(cp, off) == NULL((void*)0)) | |||
607 | goto bad; | |||
608 | } | |||
609 | cp->obuf[off++] = '\n'; | |||
610 | cp->obuf[off] = '\0'; | |||
611 | } | |||
612 | } | |||
613 | return; | |||
614 | nomatch: | |||
615 | /* No match. give generic reply */ | |||
616 | free(cp->obuf); | |||
617 | if (cp->blacklists != NULL((void*)0)) | |||
618 | cp->osize = asprintf(&cp->obuf, | |||
619 | "%s-Sorry %s\n" | |||
620 | "%s-You are trying to send mail from an address " | |||
621 | "listed by one\n" | |||
622 | "%s or more IP-based registries as being a SPAM source.\n", | |||
623 | nreply, cp->addr, nreply, nreply); | |||
624 | else | |||
625 | cp->osize = asprintf(&cp->obuf, | |||
626 | "451 Temporary failure, please try again later.\r\n"); | |||
627 | if (cp->osize == -1) | |||
628 | cp->obuf = NULL((void*)0); | |||
629 | cp->osize++; /* size includes the NUL (also changes -1 to 0) */ | |||
630 | return; | |||
631 | bad: | |||
632 | if (cp->obuf
| |||
633 | free(cp->obuf); | |||
634 | cp->obuf = NULL((void*)0); | |||
635 | cp->osize = 0; | |||
636 | } | |||
637 | } | |||
638 | ||||
639 | void | |||
640 | setlog(char *p, size_t len, char *f) | |||
641 | { | |||
642 | char *s; | |||
643 | ||||
644 | s = strsep(&f, ":"); | |||
645 | if (!f) | |||
646 | return; | |||
647 | while (*f == ' ' || *f == '\t') | |||
648 | f++; | |||
649 | s = strsep(&f, " \t"); | |||
650 | if (s == NULL((void*)0)) | |||
651 | return; | |||
652 | strlcpy(p, s, len); | |||
653 | s = strsep(&p, " \t\n\r"); | |||
654 | if (s == NULL((void*)0)) | |||
655 | return; | |||
656 | s = strsep(&p, " \t\n\r"); | |||
657 | if (s) | |||
658 | *s = '\0'; | |||
659 | } | |||
660 | ||||
661 | /* | |||
662 | * Get address client connected to, by doing a getsockname call. | |||
663 | * Must not be used with a NAT'ed connection (use divert-to instead of rdr-to). | |||
664 | */ | |||
665 | void | |||
666 | getcaddr(struct con *cp) | |||
667 | { | |||
668 | struct sockaddr_storage original_destination; | |||
669 | struct sockaddr *odp = (struct sockaddr *) &original_destination; | |||
670 | socklen_t len = sizeof(struct sockaddr_storage); | |||
671 | int error; | |||
672 | ||||
673 | cp->caddr[0] = '\0'; | |||
674 | if (getsockname(cp->pfd->fd, odp, &len) == -1) | |||
675 | return; | |||
676 | error = getnameinfo(odp, odp->sa_len, cp->caddr, sizeof(cp->caddr), | |||
677 | NULL((void*)0), 0, NI_NUMERICHOST1); | |||
678 | if (error) | |||
679 | cp->caddr[0] = '\0'; | |||
680 | } | |||
681 | ||||
682 | void | |||
683 | gethelo(char *p, size_t len, char *f) | |||
684 | { | |||
685 | char *s; | |||
686 | ||||
687 | /* skip HELO/EHLO */ | |||
688 | f+=4; | |||
689 | /* skip whitespace */ | |||
690 | while (*f == ' ' || *f == '\t') | |||
691 | f++; | |||
692 | s = strsep(&f, " \t"); | |||
693 | if (s == NULL((void*)0)) | |||
694 | return; | |||
695 | strlcpy(p, s, len); | |||
696 | s = strsep(&p, " \t\n\r"); | |||
697 | if (s == NULL((void*)0)) | |||
698 | return; | |||
699 | s = strsep(&p, " \t\n\r"); | |||
700 | if (s) | |||
701 | *s = '\0'; | |||
702 | } | |||
703 | ||||
704 | void | |||
705 | initcon(struct con *cp, int fd, struct sockaddr *sa) | |||
706 | { | |||
707 | struct pollfd *pfd = cp->pfd; | |||
708 | char ctimebuf[26]; | |||
709 | time_t tt; | |||
710 | int error; | |||
711 | ||||
712 | if (sa->sa_family != AF_INET2) | |||
713 | errx(1, "not supported yet"); | |||
714 | ||||
715 | time(&tt); | |||
716 | free(cp->obuf); | |||
717 | free(cp->blacklists); | |||
718 | free(cp->lists); | |||
719 | memset(cp, 0, sizeof(*cp)); | |||
720 | if (grow_obuf(cp, 0) == NULL((void*)0)) | |||
721 | err(1, "malloc"); | |||
722 | cp->pfd = pfd; | |||
723 | cp->pfd->fd = fd; | |||
724 | memcpy(&cp->ss, sa, sa->sa_len); | |||
725 | cp->af = sa->sa_family; | |||
726 | cp->ia = &((struct sockaddr_in *)&cp->ss)->sin_addr; | |||
727 | cp->blacklists = sdl_lookup(blacklists, cp->af, cp->ia); | |||
728 | cp->stutter = (greylist && !grey_stutter && cp->blacklists == NULL((void*)0)) ? | |||
729 | 0 : stutter; | |||
730 | error = getnameinfo(sa, sa->sa_len, cp->addr, sizeof(cp->addr), NULL((void*)0), 0, | |||
731 | NI_NUMERICHOST1); | |||
732 | #ifdef useless | |||
733 | if (error) | |||
734 | errx(1, "%s", gai_strerror(error)); | |||
735 | #endif | |||
736 | ctime_r(&t, ctimebuf); | |||
737 | ctimebuf[sizeof(ctimebuf) - 2] = '\0'; /* nuke newline */ | |||
738 | snprintf(cp->obuf, cp->osize, "220 %s ESMTP %s; %s\r\n", | |||
739 | hostname, spamd, ctimebuf); | |||
740 | cp->op = cp->obuf; | |||
741 | cp->ol = strlen(cp->op); | |||
742 | cp->w = tt + cp->stutter; | |||
743 | cp->s = tt; | |||
744 | strlcpy(cp->rend, "\n", sizeof cp->rend); | |||
745 | clients++; | |||
746 | if (cp->blacklists != NULL((void*)0)) { | |||
747 | blackcount++; | |||
748 | if (greylist && blackcount > maxblack) | |||
749 | cp->stutter = 0; | |||
750 | cp->lists = strdup(loglists(cp)); | |||
751 | if (cp->lists == NULL((void*)0)) | |||
752 | err(1, "malloc"); | |||
753 | } | |||
754 | else | |||
755 | cp->lists = NULL((void*)0); | |||
756 | } | |||
757 | ||||
758 | void | |||
759 | closecon(struct con *cp) | |||
760 | { | |||
761 | time_t tt; | |||
762 | ||||
763 | if (cp->cctx) { | |||
764 | tls_close(cp->cctx); | |||
765 | tls_free(cp->cctx); | |||
766 | } | |||
767 | close(cp->pfd->fd); | |||
768 | cp->pfd->fd = -1; | |||
769 | ||||
770 | slowdowntill = 0; | |||
771 | ||||
772 | time(&tt); | |||
773 | syslog_r(LOG_INFO6, &sdata, "%s: disconnected after %lld seconds.%s%s", | |||
774 | cp->addr, (long long)(tt - cp->s), | |||
775 | ((cp->lists == NULL((void*)0)) ? "" : " lists:"), | |||
776 | ((cp->lists == NULL((void*)0)) ? "": cp->lists)); | |||
777 | if (debug > 0) | |||
778 | printf("%s connected for %lld seconds.\n", cp->addr, | |||
779 | (long long)(tt - cp->s)); | |||
780 | free(cp->lists); | |||
781 | cp->lists = NULL((void*)0); | |||
782 | if (cp->blacklists != NULL((void*)0)) { | |||
783 | blackcount--; | |||
784 | free(cp->blacklists); | |||
785 | cp->blacklists = NULL((void*)0); | |||
786 | } | |||
787 | if (cp->obuf != NULL((void*)0)) { | |||
788 | free(cp->obuf); | |||
789 | cp->obuf = NULL((void*)0); | |||
790 | cp->osize = 0; | |||
791 | } | |||
792 | clients--; | |||
793 | } | |||
794 | ||||
795 | int | |||
796 | match(const char *s1, const char *s2) | |||
797 | { | |||
798 | return (strncasecmp(s1, s2, strlen(s2)) == 0); | |||
799 | } | |||
800 | ||||
801 | void | |||
802 | nextstate(struct con *cp) | |||
803 | { | |||
804 | if (match(cp->ibuf, "QUIT") && cp->state < 99) { | |||
| ||||
805 | snprintf(cp->obuf, cp->osize, "221 %s\r\n", hostname); | |||
806 | cp->op = cp->obuf; | |||
807 | cp->ol = strlen(cp->op); | |||
808 | cp->w = t + cp->stutter; | |||
809 | cp->laststate = cp->state; | |||
810 | cp->state = 99; | |||
811 | return; | |||
812 | } | |||
813 | ||||
814 | if (match(cp->ibuf, "RSET") && cp->state > 2 && cp->state < 50) { | |||
815 | snprintf(cp->obuf, cp->osize, | |||
816 | "250 Ok to start over.\r\n"); | |||
817 | cp->op = cp->obuf; | |||
818 | cp->ol = strlen(cp->op); | |||
819 | cp->w = t + cp->stutter; | |||
820 | cp->laststate = cp->state; | |||
821 | cp->state = 2; | |||
822 | return; | |||
823 | } | |||
824 | switch (cp->state) { | |||
825 | case 0: | |||
826 | tlsinitdone: | |||
827 | /* banner sent; wait for input */ | |||
828 | cp->ip = cp->ibuf; | |||
829 | cp->il = sizeof(cp->ibuf) - 1; | |||
830 | cp->laststate = cp->state; | |||
831 | cp->state = 1; | |||
832 | cp->r = t; | |||
833 | break; | |||
834 | case 1: | |||
835 | /* received input: parse, and select next state */ | |||
836 | if (match(cp->ibuf, "HELO") || | |||
837 | match(cp->ibuf, "EHLO")) { | |||
838 | int nextstate = 2; | |||
839 | cp->helo[0] = '\0'; | |||
840 | gethelo(cp->helo, sizeof cp->helo, cp->ibuf); | |||
841 | if (cp->helo[0] == '\0') { | |||
842 | nextstate = 0; | |||
843 | snprintf(cp->obuf, cp->osize, | |||
844 | "501 helo requires domain name.\r\n"); | |||
845 | } else { | |||
846 | if (cp->cctx == NULL((void*)0) && tlsctx != NULL((void*)0) && | |||
847 | cp->blacklists == NULL((void*)0) && | |||
848 | match(cp->ibuf, "EHLO")) { | |||
849 | snprintf(cp->obuf, cp->osize, | |||
850 | "250-%s\r\n" | |||
851 | "250 STARTTLS\r\n", | |||
852 | hostname); | |||
853 | nextstate = 7; | |||
854 | } else { | |||
855 | snprintf(cp->obuf, cp->osize, | |||
856 | "250 Hello, spam sender. Pleased " | |||
857 | "to be wasting your time.\r\n"); | |||
858 | } | |||
859 | } | |||
860 | cp->op = cp->obuf; | |||
861 | cp->ol = strlen(cp->op); | |||
862 | cp->laststate = cp->state; | |||
863 | cp->state = nextstate; | |||
864 | cp->w = t + cp->stutter; | |||
865 | break; | |||
866 | } | |||
867 | goto mail; | |||
868 | case 2: | |||
869 | /* sent 250 Hello, wait for input */ | |||
870 | cp->ip = cp->ibuf; | |||
871 | cp->il = sizeof(cp->ibuf) - 1; | |||
872 | cp->laststate = cp->state; | |||
873 | cp->state = 3; | |||
874 | cp->r = t; | |||
875 | break; | |||
876 | case 3: | |||
877 | mail: | |||
878 | if (match(cp->ibuf, "MAIL")) { | |||
879 | setlog(cp->mail, sizeof cp->mail, cp->ibuf); | |||
880 | snprintf(cp->obuf, cp->osize, | |||
881 | "250 You are about to try to deliver spam. " | |||
882 | "Your time will be spent, for nothing.\r\n"); | |||
883 | cp->op = cp->obuf; | |||
884 | cp->ol = strlen(cp->op); | |||
885 | cp->laststate = cp->state; | |||
886 | cp->state = 4; | |||
887 | cp->w = t + cp->stutter; | |||
888 | break; | |||
889 | } | |||
890 | goto rcpt; | |||
891 | case 4: | |||
892 | /* sent 250 Sender ok */ | |||
893 | cp->ip = cp->ibuf; | |||
894 | cp->il = sizeof(cp->ibuf) - 1; | |||
895 | cp->laststate = cp->state; | |||
896 | cp->state = 5; | |||
897 | cp->r = t; | |||
898 | break; | |||
899 | case 5: | |||
900 | rcpt: | |||
901 | if (match(cp->ibuf, "RCPT")) { | |||
902 | setlog(cp->rcpt, sizeof(cp->rcpt), cp->ibuf); | |||
903 | snprintf(cp->obuf, cp->osize, | |||
904 | "250 This is hurting you more than it is " | |||
905 | "hurting me.\r\n"); | |||
906 | cp->op = cp->obuf; | |||
907 | cp->ol = strlen(cp->op); | |||
908 | cp->laststate = cp->state; | |||
909 | cp->state = 6; | |||
910 | cp->w = t + cp->stutter; | |||
911 | ||||
912 | if (cp->mail[0] && cp->rcpt[0]) { | |||
913 | if (verbose) | |||
914 | syslog_r(LOG_INFO6, &sdata, | |||
915 | "(%s) %s: %s -> %s", | |||
916 | cp->blacklists ? "BLACK" : "GREY", | |||
917 | cp->addr, cp->mail, | |||
918 | cp->rcpt); | |||
919 | if (debug) | |||
920 | fprintf(stderr(&__sF[2]), "(%s) %s: %s -> %s\n", | |||
921 | cp->blacklists ? "BLACK" : "GREY", | |||
922 | cp->addr, cp->mail, cp->rcpt); | |||
923 | if (greylist && cp->blacklists == NULL((void*)0)) { | |||
924 | /* send this info to the greylister */ | |||
925 | getcaddr(cp); | |||
926 | fprintf(grey, | |||
927 | "CO:%s\nHE:%s\nIP:%s\nFR:%s\nTO:%s\n", | |||
928 | cp->caddr, cp->helo, cp->addr, | |||
929 | cp->mail, cp->rcpt); | |||
930 | fflush(grey); | |||
931 | } | |||
932 | } | |||
933 | break; | |||
934 | } | |||
935 | goto spam; | |||
936 | case 6: | |||
937 | /* sent 250 blah */ | |||
938 | cp->ip = cp->ibuf; | |||
939 | cp->il = sizeof(cp->ibuf) - 1; | |||
940 | cp->laststate = cp->state; | |||
941 | cp->state = 5; | |||
942 | cp->r = t; | |||
943 | break; | |||
944 | case 7: | |||
945 | /* sent 250 STARTTLS, wait for input */ | |||
946 | cp->ip = cp->ibuf; | |||
947 | cp->il = sizeof(cp->ibuf) - 1; | |||
948 | cp->laststate = cp->state; | |||
949 | cp->state = 8; | |||
950 | cp->r = t; | |||
951 | break; | |||
952 | case 8: | |||
953 | if (tlsctx != NULL((void*)0) && cp->blacklists == NULL((void*)0) && | |||
954 | cp->cctx == NULL((void*)0) && match(cp->ibuf, "STARTTLS")) { | |||
955 | snprintf(cp->obuf, cp->osize, | |||
956 | "220 glad you want to burn more CPU cycles on " | |||
957 | "your spam\r\n"); | |||
958 | cp->op = cp->obuf; | |||
959 | cp->ol = strlen(cp->op); | |||
960 | cp->laststate = cp->state; | |||
961 | cp->state = 9; | |||
962 | cp->w = t + cp->stutter; | |||
963 | break; | |||
964 | } | |||
965 | goto mail; | |||
966 | case 9: | |||
967 | if (tls_accept_socket(tlsctx, &cp->cctx, cp->pfd->fd) == -1) { | |||
968 | snprintf(cp->obuf, cp->osize, | |||
969 | "500 STARTTLS failed\r\n"); | |||
970 | cp->op = cp->obuf; | |||
971 | cp->ol = strlen(cp->op); | |||
972 | cp->laststate = cp->state; | |||
973 | cp->state = 98; | |||
974 | goto done; | |||
975 | } | |||
976 | goto tlsinitdone; | |||
977 | ||||
978 | case 50: | |||
979 | spam: | |||
980 | if (match(cp->ibuf, "DATA")) { | |||
981 | snprintf(cp->obuf, cp->osize, | |||
982 | "354 Enter spam, end with \".\" on a line by " | |||
983 | "itself\r\n"); | |||
984 | cp->state = 60; | |||
985 | if (window && setsockopt(cp->pfd->fd, SOL_SOCKET0xffff, | |||
986 | SO_RCVBUF0x1002, &window, sizeof(window)) == -1) { | |||
987 | syslog_r(LOG_DEBUG7, &sdata,"setsockopt: %m"); | |||
988 | /* don't fail if this doesn't work. */ | |||
989 | } | |||
990 | cp->ip = cp->ibuf; | |||
991 | cp->il = sizeof(cp->ibuf) - 1; | |||
992 | cp->op = cp->obuf; | |||
993 | cp->ol = strlen(cp->op); | |||
994 | cp->w = t + cp->stutter; | |||
995 | if (greylist && cp->blacklists == NULL((void*)0)) { | |||
996 | cp->laststate = cp->state; | |||
997 | cp->state = 98; | |||
998 | goto done; | |||
999 | } | |||
1000 | } else { | |||
1001 | if (match(cp->ibuf, "NOOP")) | |||
1002 | snprintf(cp->obuf, cp->osize, | |||
1003 | "250 2.0.0 OK I did nothing\r\n"); | |||
1004 | else { | |||
1005 | snprintf(cp->obuf, cp->osize, | |||
1006 | "500 5.5.1 Command unrecognized\r\n"); | |||
1007 | cp->badcmd++; | |||
1008 | if (cp->badcmd > 20) { | |||
1009 | cp->laststate = cp->state; | |||
1010 | cp->state = 98; | |||
1011 | goto done; | |||
1012 | } | |||
1013 | } | |||
1014 | cp->state = cp->laststate; | |||
1015 | cp->ip = cp->ibuf; | |||
1016 | cp->il = sizeof(cp->ibuf) - 1; | |||
1017 | cp->op = cp->obuf; | |||
1018 | cp->ol = strlen(cp->op); | |||
1019 | cp->w = t + cp->stutter; | |||
1020 | } | |||
1021 | break; | |||
1022 | case 60: | |||
1023 | /* sent 354 blah */ | |||
1024 | cp->ip = cp->ibuf; | |||
1025 | cp->il = sizeof(cp->ibuf) - 1; | |||
1026 | cp->laststate = cp->state; | |||
1027 | cp->state = 70; | |||
1028 | cp->r = t; | |||
1029 | break; | |||
1030 | case 70: { | |||
1031 | char *p, *q; | |||
1032 | ||||
1033 | for (p = q = cp->ibuf; q <= cp->ip; ++q) | |||
1034 | if (*q == '\n' || q == cp->ip) { | |||
1035 | *q = 0; | |||
1036 | if (q > p && q[-1] == '\r') | |||
1037 | q[-1] = 0; | |||
1038 | if (!strcmp(p, ".") || | |||
1039 | (cp->data_body && ++cp->data_lines >= 10)) { | |||
1040 | cp->laststate = cp->state; | |||
1041 | cp->state = 98; | |||
1042 | goto done; | |||
1043 | } | |||
1044 | if (!cp->data_body && !*p) | |||
1045 | cp->data_body = 1; | |||
1046 | if (verbose && cp->data_body && *p) | |||
1047 | syslog_r(LOG_DEBUG7, &sdata, "%s: " | |||
1048 | "Body: %s", cp->addr, p); | |||
1049 | else if (verbose && (match(p, "FROM:") || | |||
1050 | match(p, "TO:") || match(p, "SUBJECT:"))) | |||
1051 | syslog_r(LOG_INFO6, &sdata, "%s: %s", | |||
1052 | cp->addr, p); | |||
1053 | p = ++q; | |||
1054 | } | |||
1055 | cp->ip = cp->ibuf; | |||
1056 | cp->il = sizeof(cp->ibuf) - 1; | |||
1057 | cp->r = t; | |||
1058 | break; | |||
1059 | } | |||
1060 | case 98: | |||
1061 | done: | |||
1062 | doreply(cp); | |||
1063 | cp->op = cp->obuf; | |||
1064 | cp->ol = strlen(cp->op); | |||
| ||||
1065 | cp->w = t + cp->stutter; | |||
1066 | cp->laststate = cp->state; | |||
1067 | cp->state = 99; | |||
1068 | break; | |||
1069 | case 99: | |||
1070 | closecon(cp); | |||
1071 | break; | |||
1072 | default: | |||
1073 | errx(1, "illegal state %d", cp->state); | |||
1074 | break; | |||
1075 | } | |||
1076 | } | |||
1077 | ||||
1078 | void | |||
1079 | handler(struct con *cp) | |||
1080 | { | |||
1081 | int end = 0; | |||
1082 | ssize_t n; | |||
1083 | ||||
1084 | if (cp->r || cp->tlsaction != SPAMD_TLS_ACT_NONE0) { | |||
1085 | if (cp->cctx) { | |||
1086 | cp->tlsaction = SPAMD_TLS_ACT_NONE0; | |||
1087 | n = tls_read(cp->cctx, cp->ip, cp->il); | |||
1088 | if (n == TLS_WANT_POLLIN-2) | |||
1089 | cp->tlsaction = SPAMD_TLS_ACT_READ_POLLIN1; | |||
1090 | if (n == TLS_WANT_POLLOUT-3) | |||
1091 | cp->tlsaction = SPAMD_TLS_ACT_READ_POLLOUT2; | |||
1092 | if (cp->tlsaction != SPAMD_TLS_ACT_NONE0) | |||
1093 | return; | |||
1094 | } else | |||
1095 | n = read(cp->pfd->fd, cp->ip, cp->il); | |||
1096 | ||||
1097 | if (n == 0) | |||
1098 | closecon(cp); | |||
1099 | else if (n == -1) { | |||
1100 | if (errno(*__errno()) == EAGAIN35) | |||
1101 | return; | |||
1102 | if (debug > 0) | |||
1103 | warn("read"); | |||
1104 | closecon(cp); | |||
1105 | } else { | |||
1106 | cp->ip[n] = '\0'; | |||
1107 | if (cp->rend[0]) | |||
1108 | if (strpbrk(cp->ip, cp->rend)) | |||
1109 | end = 1; | |||
1110 | cp->ip += n; | |||
1111 | cp->il -= n; | |||
1112 | } | |||
1113 | } | |||
1114 | if (end || cp->il == 0) { | |||
1115 | while (cp->ip > cp->ibuf && | |||
1116 | (cp->ip[-1] == '\r' || cp->ip[-1] == '\n')) | |||
1117 | cp->ip--; | |||
1118 | *cp->ip = '\0'; | |||
1119 | cp->r = 0; | |||
1120 | nextstate(cp); | |||
1121 | } | |||
1122 | } | |||
1123 | ||||
1124 | void | |||
1125 | handlew(struct con *cp, int one) | |||
1126 | { | |||
1127 | ssize_t n; | |||
1128 | ||||
1129 | /* kill stutter on greylisted connections after initial delay */ | |||
1130 | if (cp->stutter && greylist && cp->blacklists == NULL((void*)0) && | |||
1131 | (t - cp->s) > grey_stutter) | |||
1132 | cp->stutter=0; | |||
1133 | ||||
1134 | if (cp->w || cp->tlsaction != SPAMD_TLS_ACT_NONE0) { | |||
1135 | if (*cp->op == '\n' && !cp->sr) { | |||
1136 | /* insert \r before \n */ | |||
1137 | if (cp->cctx) { | |||
1138 | cp->tlsaction = SPAMD_TLS_ACT_NONE0; | |||
1139 | n = tls_write(cp->cctx, "\r", 1); | |||
1140 | if (n == TLS_WANT_POLLIN-2) | |||
1141 | cp->tlsaction = | |||
1142 | SPAMD_TLS_ACT_WRITE_POLLIN3; | |||
1143 | if (n == TLS_WANT_POLLOUT-3) | |||
1144 | cp->tlsaction = | |||
1145 | SPAMD_TLS_ACT_WRITE_POLLOUT4; | |||
1146 | if (cp->tlsaction != SPAMD_TLS_ACT_NONE0) | |||
1147 | return; | |||
1148 | } else | |||
1149 | n = write(cp->pfd->fd, "\r", 1); | |||
1150 | ||||
1151 | if (n == 0) { | |||
1152 | closecon(cp); | |||
1153 | goto handled; | |||
1154 | } else if (n == -1) { | |||
1155 | if (errno(*__errno()) == EAGAIN35) | |||
1156 | return; | |||
1157 | if (debug > 0 && errno(*__errno()) != EPIPE32) | |||
1158 | warn("write"); | |||
1159 | closecon(cp); | |||
1160 | goto handled; | |||
1161 | } | |||
1162 | } | |||
1163 | if (*cp->op == '\r') | |||
1164 | cp->sr = 1; | |||
1165 | else | |||
1166 | cp->sr = 0; | |||
1167 | if (cp->cctx) { | |||
1168 | cp->tlsaction = SPAMD_TLS_ACT_NONE0; | |||
1169 | n = tls_write(cp->cctx, cp->op, cp->ol); | |||
1170 | if (n == TLS_WANT_POLLIN-2) | |||
1171 | cp->tlsaction = SPAMD_TLS_ACT_WRITE_POLLIN3; | |||
1172 | if (n == TLS_WANT_POLLOUT-3) | |||
1173 | cp->tlsaction = SPAMD_TLS_ACT_WRITE_POLLOUT4; | |||
1174 | if (cp->tlsaction != SPAMD_TLS_ACT_NONE0) | |||
1175 | return; | |||
1176 | } else | |||
1177 | n = write(cp->pfd->fd, cp->op, | |||
1178 | (one && cp->stutter) ? 1 : cp->ol); | |||
1179 | ||||
1180 | if (n == 0) | |||
1181 | closecon(cp); | |||
1182 | else if (n == -1) { | |||
1183 | if (errno(*__errno()) == EAGAIN35) | |||
1184 | return; | |||
1185 | if (debug > 0 && errno(*__errno()) != EPIPE32) | |||
1186 | warn("write"); | |||
1187 | closecon(cp); | |||
1188 | } else { | |||
1189 | cp->op += n; | |||
1190 | cp->ol -= n; | |||
1191 | } | |||
1192 | } | |||
1193 | handled: | |||
1194 | cp->w = t + cp->stutter; | |||
1195 | if (cp->ol == 0) { | |||
1196 | cp->w = 0; | |||
1197 | nextstate(cp); | |||
1198 | } | |||
1199 | } | |||
1200 | ||||
1201 | static int | |||
1202 | get_maxfiles(void) | |||
1203 | { | |||
1204 | int mib[2], maxfiles; | |||
1205 | size_t len; | |||
1206 | ||||
1207 | mib[0] = CTL_KERN1; | |||
1208 | mib[1] = KERN_MAXFILES7; | |||
1209 | len = sizeof(maxfiles); | |||
1210 | if (sysctl(mib, 2, &maxfiles, &len, NULL((void*)0), 0) == -1) | |||
1211 | return(MAXCON800); | |||
1212 | if ((maxfiles - 200) < 10) | |||
1213 | errx(1, "kern.maxfiles is only %d, can not continue\n", | |||
1214 | maxfiles); | |||
1215 | else | |||
1216 | return(maxfiles - 200); | |||
1217 | } | |||
1218 | ||||
1219 | /* Symbolic indexes for pfd[] below */ | |||
1220 | #define PFD_SMTPLISTEN0 0 | |||
1221 | #define PFD_CONFLISTEN1 1 | |||
1222 | #define PFD_SYNCFD2 2 | |||
1223 | #define PFD_CONFFD3 3 | |||
1224 | #define PFD_TRAPFD4 4 | |||
1225 | #define PFD_GREYBACK5 5 | |||
1226 | #define PFD_FIRSTCON6 6 | |||
1227 | ||||
1228 | int | |||
1229 | main(int argc, char *argv[]) | |||
1230 | { | |||
1231 | struct pollfd *pfd; | |||
1232 | struct sockaddr_in sin; | |||
1233 | struct sockaddr_in lin; | |||
1234 | int ch, smtplisten, conflisten, syncfd = -1, i, one = 1; | |||
1235 | u_short port; | |||
1236 | long long passt, greyt, whitet; | |||
1237 | struct servent *ent; | |||
1238 | struct rlimit rlp; | |||
1239 | char *bind_address = NULL((void*)0); | |||
1240 | const char *errstr; | |||
1241 | char *sync_iface = NULL((void*)0); | |||
1242 | char *sync_baddr = NULL((void*)0); | |||
1243 | struct addrinfo hints, *res; | |||
1244 | char *addr; | |||
1245 | char portstr[6]; | |||
1246 | int error; | |||
1247 | ||||
1248 | tzset(); | |||
1249 | openlog_r("spamd", LOG_PID0x01 | LOG_NDELAY0x08, LOG_DAEMON(3<<3), &sdata); | |||
1250 | ||||
1251 | if ((ent = getservbyname("spamd", "tcp")) == NULL((void*)0)) | |||
1252 | errx(1, "Can't find service \"spamd\" in /etc/services"); | |||
1253 | port = ntohs(ent->s_port)(__uint16_t)(__builtin_constant_p(ent->s_port) ? (__uint16_t )(((__uint16_t)(ent->s_port) & 0xffU) << 8 | ((__uint16_t )(ent->s_port) & 0xff00U) >> 8) : __swap16md(ent ->s_port)); | |||
1254 | if ((ent = getservbyname("spamd-cfg", "tcp")) == NULL((void*)0)) | |||
1255 | errx(1, "Can't find service \"spamd-cfg\" in /etc/services"); | |||
1256 | cfg_port = ntohs(ent->s_port)(__uint16_t)(__builtin_constant_p(ent->s_port) ? (__uint16_t )(((__uint16_t)(ent->s_port) & 0xffU) << 8 | ((__uint16_t )(ent->s_port) & 0xff00U) >> 8) : __swap16md(ent ->s_port)); | |||
1257 | if ((ent = getservbyname("spamd-sync", "udp")) == NULL((void*)0)) | |||
1258 | errx(1, "Can't find service \"spamd-sync\" in /etc/services"); | |||
1259 | sync_port = ntohs(ent->s_port)(__uint16_t)(__builtin_constant_p(ent->s_port) ? (__uint16_t )(((__uint16_t)(ent->s_port) & 0xffU) << 8 | ((__uint16_t )(ent->s_port) & 0xff00U) >> 8) : __swap16md(ent ->s_port)); | |||
1260 | ||||
1261 | if (gethostname(hostname, sizeof hostname) == -1) | |||
1262 | err(1, "gethostname"); | |||
1263 | maxfiles = get_maxfiles(); | |||
1264 | if (maxcon > maxfiles) | |||
1265 | maxcon = maxfiles; | |||
1266 | if (maxblack > maxfiles) | |||
1267 | maxblack = maxfiles; | |||
1268 | while ((ch = | |||
1269 | getopt(argc, argv, "45l:c:B:p:bdG:h:s:S:M:n:vw:y:Y:C:K:")) != -1) { | |||
1270 | switch (ch) { | |||
1271 | case '4': | |||
1272 | nreply = "450"; | |||
1273 | break; | |||
1274 | case '5': | |||
1275 | nreply = "550"; | |||
1276 | break; | |||
1277 | case 'l': | |||
1278 | bind_address = optarg; | |||
1279 | break; | |||
1280 | case 'B': | |||
1281 | maxblack = strtonum(optarg, 0, INT_MAX2147483647, &errstr); | |||
1282 | if (errstr) | |||
1283 | errx(1, "-B %s: %s", optarg, errstr); | |||
1284 | break; | |||
1285 | case 'c': | |||
1286 | maxcon = strtonum(optarg, 1, maxfiles, &errstr); | |||
1287 | if (errstr) { | |||
1288 | fprintf(stderr(&__sF[2]), "-c %s: %s\n", optarg, errstr); | |||
1289 | usage(); | |||
1290 | } | |||
1291 | break; | |||
1292 | case 'p': | |||
1293 | port = strtonum(optarg, 1, USHRT_MAX(32767 *2 +1), &errstr); | |||
1294 | if (errstr) | |||
1295 | errx(1, "-p %s: %s", optarg, errstr); | |||
1296 | break; | |||
1297 | case 'd': | |||
1298 | debug = 1; | |||
1299 | break; | |||
1300 | case 'b': | |||
1301 | greylist = 0; | |||
1302 | break; | |||
1303 | case 'G': | |||
1304 | if (sscanf(optarg, "%lld:%lld:%lld", &passt, &greyt, | |||
1305 | &whitet) != 3) | |||
1306 | usage(); | |||
1307 | passtime = passt; | |||
1308 | greyexp = greyt; | |||
1309 | whiteexp = whitet; | |||
1310 | /* convert to seconds from minutes */ | |||
1311 | passtime *= 60; | |||
1312 | /* convert to seconds from hours */ | |||
1313 | whiteexp *= (60 * 60); | |||
1314 | /* convert to seconds from hours */ | |||
1315 | greyexp *= (60 * 60); | |||
1316 | break; | |||
1317 | case 'h': | |||
1318 | memset(hostname, 0, sizeof(hostname)); | |||
1319 | if (strlcpy(hostname, optarg, sizeof(hostname)) >= | |||
1320 | sizeof(hostname)) | |||
1321 | errx(1, "-h arg too long"); | |||
1322 | break; | |||
1323 | case 's': | |||
1324 | stutter = strtonum(optarg, 0, 10, &errstr); | |||
1325 | if (errstr) | |||
1326 | usage(); | |||
1327 | break; | |||
1328 | case 'S': | |||
1329 | grey_stutter = strtonum(optarg, 0, 90, &errstr); | |||
1330 | if (errstr) | |||
1331 | usage(); | |||
1332 | break; | |||
1333 | case 'M': | |||
1334 | low_prio_mx_ip = optarg; | |||
1335 | break; | |||
1336 | case 'n': | |||
1337 | spamd = optarg; | |||
1338 | break; | |||
1339 | case 'v': | |||
1340 | verbose = 1; | |||
1341 | break; | |||
1342 | case 'w': | |||
1343 | window = strtonum(optarg, 1, INT_MAX2147483647, &errstr); | |||
1344 | if (errstr) | |||
1345 | errx(1, "-w %s: %s", optarg, errstr); | |||
1346 | break; | |||
1347 | case 'Y': | |||
1348 | if (sync_addhost(optarg, sync_port) != 0) | |||
1349 | sync_iface = optarg; | |||
1350 | syncsend++; | |||
1351 | break; | |||
1352 | case 'y': | |||
1353 | sync_baddr = optarg; | |||
1354 | syncrecv++; | |||
1355 | break; | |||
1356 | case 'C': | |||
1357 | tlscertfile = optarg; | |||
1358 | break; | |||
1359 | case 'K': | |||
1360 | tlskeyfile = optarg; | |||
1361 | break; | |||
1362 | default: | |||
1363 | usage(); | |||
1364 | break; | |||
1365 | } | |||
1366 | } | |||
1367 | ||||
1368 | setproctitle("[priv]%s%s", | |||
1369 | greylist ? " (greylist)" : "", | |||
1370 | (syncrecv || syncsend) ? " (sync)" : ""); | |||
1371 | ||||
1372 | if (syncsend || syncrecv) { | |||
1373 | syncfd = sync_init(sync_iface, sync_baddr, sync_port); | |||
1374 | if (syncfd == -1) | |||
1375 | err(1, "sync init"); | |||
1376 | } | |||
1377 | ||||
1378 | if (geteuid()) | |||
1379 | errx(1, "need root privileges"); | |||
1380 | ||||
1381 | if ((pw = getpwnam(SPAMD_USER"_spamd")) == NULL((void*)0)) | |||
1382 | errx(1, "no such user %s", SPAMD_USER"_spamd"); | |||
1383 | ||||
1384 | if (!greylist) { | |||
1385 | maxblack = maxcon; | |||
1386 | } else if (maxblack > maxcon) | |||
1387 | usage(); | |||
1388 | ||||
1389 | spamd_tls_init(); | |||
1390 | ||||
1391 | rlp.rlim_cur = rlp.rlim_max = maxcon + 15; | |||
1392 | if (setrlimit(RLIMIT_NOFILE8, &rlp) == -1) | |||
1393 | err(1, "setrlimit"); | |||
1394 | ||||
1395 | pfd = reallocarray(NULL((void*)0), PFD_FIRSTCON6 + maxcon, sizeof(*pfd)); | |||
1396 | if (pfd == NULL((void*)0)) | |||
1397 | err(1, "reallocarray"); | |||
1398 | ||||
1399 | con = calloc(maxcon, sizeof(*con)); | |||
1400 | if (con == NULL((void*)0)) | |||
1401 | err(1, "calloc"); | |||
1402 | ||||
1403 | con->obuf = malloc(8192); | |||
1404 | ||||
1405 | if (con->obuf == NULL((void*)0)) | |||
1406 | err(1, "malloc"); | |||
1407 | con->osize = 8192; | |||
1408 | ||||
1409 | for (i = 0; i < maxcon; i++) { | |||
1410 | con[i].pfd = &pfd[PFD_FIRSTCON6 + i]; | |||
1411 | con[i].pfd->fd = -1; | |||
1412 | } | |||
1413 | ||||
1414 | signal(SIGPIPE13, SIG_IGN(void (*)(int))1); | |||
1415 | ||||
1416 | smtplisten = socket(AF_INET2, SOCK_STREAM1, 0); | |||
1417 | if (smtplisten == -1) | |||
1418 | err(1, "socket"); | |||
1419 | ||||
1420 | if (setsockopt(smtplisten, SOL_SOCKET0xffff, SO_REUSEADDR0x0004, &one, | |||
1421 | sizeof(one)) == -1) | |||
1422 | return (-1); | |||
1423 | ||||
1424 | conflisten = socket(AF_INET2, SOCK_STREAM1, 0); | |||
1425 | if (conflisten == -1) | |||
1426 | err(1, "socket"); | |||
1427 | ||||
1428 | if (setsockopt(conflisten, SOL_SOCKET0xffff, SO_REUSEADDR0x0004, &one, | |||
1429 | sizeof(one)) == -1) | |||
1430 | return (-1); | |||
1431 | ||||
1432 | memset(&hints, 0, sizeof(hints)); | |||
1433 | hints.ai_family = AF_INET2; | |||
1434 | addr = bind_address; | |||
1435 | snprintf(portstr, sizeof(portstr), "%hu", port); | |||
1436 | ||||
1437 | if ((error = getaddrinfo(addr, portstr, &hints, &res)) != 0) { | |||
1438 | errx(1, "getaddrinfo: %s", gai_strerror(error)); | |||
1439 | } | |||
1440 | ||||
1441 | if (bind(smtplisten, res->ai_addr, res->ai_addrlen) == -1) { | |||
1442 | freeaddrinfo(res); | |||
1443 | err(1, "bind"); | |||
1444 | } | |||
1445 | freeaddrinfo(res); | |||
1446 | ||||
1447 | memset(&lin, 0, sizeof sin); | |||
1448 | lin.sin_len = sizeof(sin); | |||
1449 | lin.sin_addr.s_addr = htonl(INADDR_LOOPBACK)(__uint32_t)(__builtin_constant_p(((u_int32_t)(0x7f000001))) ? (__uint32_t)(((__uint32_t)(((u_int32_t)(0x7f000001))) & 0xff ) << 24 | ((__uint32_t)(((u_int32_t)(0x7f000001))) & 0xff00) << 8 | ((__uint32_t)(((u_int32_t)(0x7f000001)) ) & 0xff0000) >> 8 | ((__uint32_t)(((u_int32_t)(0x7f000001 ))) & 0xff000000) >> 24) : __swap32md(((u_int32_t)( 0x7f000001)))); | |||
1450 | lin.sin_family = AF_INET2; | |||
1451 | lin.sin_port = htons(cfg_port)(__uint16_t)(__builtin_constant_p(cfg_port) ? (__uint16_t)((( __uint16_t)(cfg_port) & 0xffU) << 8 | ((__uint16_t) (cfg_port) & 0xff00U) >> 8) : __swap16md(cfg_port)); | |||
1452 | ||||
1453 | if (bind(conflisten, (struct sockaddr *)&lin, sizeof lin) == -1) | |||
1454 | err(1, "bind local"); | |||
1455 | ||||
1456 | if (debug == 0) { | |||
1457 | if (daemon(1, 1) == -1) | |||
1458 | err(1, "daemon"); | |||
1459 | } | |||
1460 | ||||
1461 | if (greylist) { | |||
1462 | pfdev = open("/dev/pf", O_RDWR0x0002); | |||
1463 | if (pfdev == -1) { | |||
1464 | syslog_r(LOG_ERR3, &sdata, "open /dev/pf: %m"); | |||
1465 | exit(1); | |||
1466 | } | |||
1467 | ||||
1468 | check_spamd_db(); | |||
1469 | ||||
1470 | maxblack = (maxblack >= maxcon) ? maxcon - 100 : maxblack; | |||
1471 | if (maxblack < 0) | |||
1472 | maxblack = 0; | |||
1473 | ||||
1474 | /* open pipe to talk to greylister */ | |||
1475 | if (socketpair(AF_UNIX1, SOCK_DGRAM2, 0, greyback) == -1) { | |||
1476 | syslog(LOG_ERR3, "socketpair (%m)"); | |||
1477 | exit(1); | |||
1478 | } | |||
1479 | if (pipe(greypipe) == -1) { | |||
1480 | syslog(LOG_ERR3, "pipe (%m)"); | |||
1481 | exit(1); | |||
1482 | } | |||
1483 | /* open pipe to receive spamtrap configs */ | |||
1484 | if (pipe(trappipe) == -1) { | |||
1485 | syslog(LOG_ERR3, "pipe (%m)"); | |||
1486 | exit(1); | |||
1487 | } | |||
1488 | jail_pid = fork(); | |||
1489 | switch (jail_pid) { | |||
1490 | case -1: | |||
1491 | syslog(LOG_ERR3, "fork (%m)"); | |||
1492 | exit(1); | |||
1493 | case 0: | |||
1494 | /* child - continue */ | |||
1495 | signal(SIGPIPE13, SIG_IGN(void (*)(int))1); | |||
1496 | grey = fdopen(greypipe[1], "w"); | |||
1497 | if (grey == NULL((void*)0)) { | |||
1498 | syslog(LOG_ERR3, "fdopen (%m)"); | |||
1499 | _exit(1); | |||
1500 | } | |||
1501 | close(greyback[0]); | |||
1502 | close(greypipe[0]); | |||
1503 | trapfd = trappipe[0]; | |||
1504 | trapcfg = fdopen(trappipe[0], "r"); | |||
1505 | if (trapcfg == NULL((void*)0)) { | |||
1506 | syslog(LOG_ERR3, "fdopen (%m)"); | |||
1507 | _exit(1); | |||
1508 | } | |||
1509 | close(trappipe[1]); | |||
1510 | ||||
1511 | if (setgroups(1, &pw->pw_gid) || | |||
1512 | setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || | |||
1513 | setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) | |||
1514 | err(1, "failed to drop privs"); | |||
1515 | ||||
1516 | goto jail; | |||
1517 | } | |||
1518 | /* parent - run greylister */ | |||
1519 | close(greyback[1]); | |||
1520 | grey = fdopen(greypipe[0], "r"); | |||
1521 | if (grey == NULL((void*)0)) { | |||
1522 | syslog(LOG_ERR3, "fdopen (%m)"); | |||
1523 | exit(1); | |||
1524 | } | |||
1525 | close(greypipe[1]); | |||
1526 | trapcfg = fdopen(trappipe[1], "w"); | |||
1527 | if (trapcfg == NULL((void*)0)) { | |||
1528 | syslog(LOG_ERR3, "fdopen (%m)"); | |||
1529 | exit(1); | |||
1530 | } | |||
1531 | close(trappipe[0]); | |||
1532 | return (greywatcher()); | |||
1533 | } | |||
1534 | ||||
1535 | jail: | |||
1536 | if (pledge("stdio inet", NULL((void*)0)) == -1) | |||
1537 | err(1, "pledge"); | |||
1538 | ||||
1539 | if (listen(smtplisten, 10) == -1) | |||
1540 | err(1, "listen"); | |||
1541 | ||||
1542 | if (listen(conflisten, 10) == -1) | |||
1543 | err(1, "listen"); | |||
1544 | ||||
1545 | if (debug != 0) | |||
1546 | printf("listening for incoming connections.\n"); | |||
1547 | syslog_r(LOG_WARNING4, &sdata, "listening for incoming connections."); | |||
1548 | ||||
1549 | /* We always check for trap and sync events if configured. */ | |||
1550 | if (trapfd != -1) { | |||
1551 | pfd[PFD_TRAPFD4].fd = trapfd; | |||
1552 | pfd[PFD_TRAPFD4].events = POLLIN0x0001; | |||
1553 | } else { | |||
1554 | pfd[PFD_TRAPFD4].fd = -1; | |||
1555 | pfd[PFD_TRAPFD4].events = 0; | |||
1556 | } | |||
1557 | if (syncrecv) { | |||
1558 | pfd[PFD_SYNCFD2].fd = syncfd; | |||
1559 | pfd[PFD_SYNCFD2].events = POLLIN0x0001; | |||
1560 | } else { | |||
1561 | pfd[PFD_SYNCFD2].fd = -1; | |||
1562 | pfd[PFD_SYNCFD2].events = 0; | |||
1563 | } | |||
1564 | if (greylist) { | |||
1565 | pfd[PFD_GREYBACK5].fd = greyback[1]; | |||
1566 | pfd[PFD_GREYBACK5].events = POLLIN0x0001; | |||
1567 | } else { | |||
1568 | pfd[PFD_GREYBACK5].fd = -1; | |||
1569 | pfd[PFD_GREYBACK5].events = 0; | |||
1570 | } | |||
1571 | ||||
1572 | /* events and pfd entries for con[] are filled in below. */ | |||
1573 | pfd[PFD_SMTPLISTEN0].fd = smtplisten; | |||
1574 | pfd[PFD_CONFLISTEN1].fd = conflisten; | |||
1575 | ||||
1576 | while (1) { | |||
1577 | int numcon = 0, n, timeout, writers; | |||
1578 | ||||
1579 | time(&t); | |||
1580 | ||||
1581 | writers = 0; | |||
1582 | for (i = 0; i < maxcon; i++) { | |||
1583 | if (con[i].pfd->fd == -1) | |||
1584 | continue; | |||
1585 | con[i].pfd->events = 0; | |||
1586 | if (con[i].r) { | |||
1587 | if (con[i].r + MAXTIME400 <= t) { | |||
1588 | closecon(&con[i]); | |||
1589 | continue; | |||
1590 | } | |||
1591 | con[i].pfd->events |= POLLIN0x0001; | |||
1592 | } | |||
1593 | if (con[i].w) { | |||
1594 | if (con[i].w + MAXTIME400 <= t) { | |||
1595 | closecon(&con[i]); | |||
1596 | continue; | |||
1597 | } | |||
1598 | if (con[i].w <= t) | |||
1599 | con[i].pfd->events |= POLLOUT0x0004; | |||
1600 | writers = 1; | |||
1601 | } | |||
1602 | if (con[i].tlsaction == SPAMD_TLS_ACT_READ_POLLIN1 || | |||
1603 | con[i].tlsaction == SPAMD_TLS_ACT_WRITE_POLLIN3) | |||
1604 | con[i].pfd->events = POLLIN0x0001; | |||
1605 | if (con[i].tlsaction == SPAMD_TLS_ACT_READ_POLLOUT2 || | |||
1606 | con[i].tlsaction == SPAMD_TLS_ACT_WRITE_POLLOUT4) | |||
1607 | con[i].pfd->events = POLLOUT0x0004; | |||
1608 | if (i + 1 > numcon) | |||
1609 | numcon = i + 1; | |||
1610 | } | |||
1611 | pfd[PFD_SMTPLISTEN0].events = 0; | |||
1612 | pfd[PFD_CONFLISTEN1].events = 0; | |||
1613 | pfd[PFD_CONFFD3].events = 0; | |||
1614 | pfd[PFD_CONFFD3].fd = conffd; | |||
1615 | if (slowdowntill == 0) { | |||
1616 | pfd[PFD_SMTPLISTEN0].events = POLLIN0x0001; | |||
1617 | ||||
1618 | /* only one active config conn at a time */ | |||
1619 | if (conffd == -1) | |||
1620 | pfd[PFD_CONFLISTEN1].events = POLLIN0x0001; | |||
1621 | else | |||
1622 | pfd[PFD_CONFFD3].events = POLLIN0x0001; | |||
1623 | } | |||
1624 | ||||
1625 | /* If we are not listening, wake up at least once a second */ | |||
1626 | if (writers == 0 && slowdowntill == 0) | |||
1627 | timeout = INFTIM(-1); | |||
1628 | else | |||
1629 | timeout = 1000; | |||
1630 | ||||
1631 | n = poll(pfd, PFD_FIRSTCON6 + numcon, timeout); | |||
1632 | if (n == -1) { | |||
1633 | if (errno(*__errno()) != EINTR4) | |||
1634 | err(1, "poll"); | |||
1635 | continue; | |||
1636 | } | |||
1637 | ||||
1638 | /* Check if we can speed up accept() calls */ | |||
1639 | if (slowdowntill && slowdowntill > t) | |||
1640 | slowdowntill = 0; | |||
1641 | ||||
1642 | for (i = 0; i < maxcon; i++) { | |||
1643 | if (con[i].pfd->fd == -1) | |||
1644 | continue; | |||
1645 | if (pfd[PFD_FIRSTCON6 + i].revents & POLLHUP0x0010) { | |||
1646 | closecon(&con[i]); | |||
1647 | continue; | |||
1648 | } | |||
1649 | if (pfd[PFD_FIRSTCON6 + i].revents & POLLIN0x0001) { | |||
1650 | if (con[i].tlsaction == | |||
1651 | SPAMD_TLS_ACT_WRITE_POLLIN3) | |||
1652 | handlew(&con[i], clients + 5 < maxcon); | |||
1653 | else | |||
1654 | handler(&con[i]); | |||
1655 | } | |||
1656 | if (pfd[PFD_FIRSTCON6 + i].revents & POLLOUT0x0004) { | |||
1657 | if (con[i].tlsaction == | |||
1658 | SPAMD_TLS_ACT_READ_POLLOUT2) | |||
1659 | handler(&con[i]); | |||
1660 | else | |||
1661 | handlew(&con[i], clients + 5 < maxcon); | |||
1662 | } | |||
1663 | } | |||
1664 | if (pfd[PFD_SMTPLISTEN0].revents & (POLLIN0x0001|POLLHUP0x0010)) { | |||
1665 | socklen_t sinlen; | |||
1666 | int s2; | |||
1667 | ||||
1668 | sinlen = sizeof(sin); | |||
1669 | s2 = accept4(smtplisten, (struct sockaddr *)&sin, &sinlen, | |||
1670 | SOCK_NONBLOCK0x4000); | |||
1671 | if (s2 == -1) { | |||
1672 | switch (errno(*__errno())) { | |||
1673 | case EINTR4: | |||
1674 | case ECONNABORTED53: | |||
1675 | break; | |||
1676 | case EMFILE24: | |||
1677 | case ENFILE23: | |||
1678 | slowdowntill = time(NULL((void*)0)) + 1; | |||
1679 | break; | |||
1680 | default: | |||
1681 | errx(1, "accept"); | |||
1682 | } | |||
1683 | } else { | |||
1684 | /* Check if we hit the chosen fd limit */ | |||
1685 | for (i = 0; i < maxcon; i++) | |||
1686 | if (con[i].pfd->fd == -1) | |||
1687 | break; | |||
1688 | if (i == maxcon) { | |||
1689 | close(s2); | |||
1690 | slowdowntill = 0; | |||
1691 | } else { | |||
1692 | initcon(&con[i], s2, | |||
1693 | (struct sockaddr *)&sin); | |||
1694 | syslog_r(LOG_INFO6, &sdata, | |||
1695 | "%s: connected (%d/%d)%s%s", | |||
1696 | con[i].addr, clients, blackcount, | |||
1697 | ((con[i].lists == NULL((void*)0)) ? "" : | |||
1698 | ", lists:"), | |||
1699 | ((con[i].lists == NULL((void*)0)) ? "": | |||
1700 | con[i].lists)); | |||
1701 | } | |||
1702 | } | |||
1703 | } | |||
1704 | if (pfd[PFD_CONFLISTEN1].revents & (POLLIN0x0001|POLLHUP0x0010)) { | |||
1705 | socklen_t sinlen; | |||
1706 | ||||
1707 | sinlen = sizeof(lin); | |||
1708 | conffd = accept(conflisten, (struct sockaddr *)&lin, | |||
1709 | &sinlen); | |||
1710 | if (conffd == -1) { | |||
1711 | switch (errno(*__errno())) { | |||
1712 | case EINTR4: | |||
1713 | case ECONNABORTED53: | |||
1714 | break; | |||
1715 | case EMFILE24: | |||
1716 | case ENFILE23: | |||
1717 | slowdowntill = time(NULL((void*)0)) + 1; | |||
1718 | break; | |||
1719 | default: | |||
1720 | errx(1, "accept"); | |||
1721 | } | |||
1722 | } else if (ntohs(lin.sin_port)(__uint16_t)(__builtin_constant_p(lin.sin_port) ? (__uint16_t )(((__uint16_t)(lin.sin_port) & 0xffU) << 8 | ((__uint16_t )(lin.sin_port) & 0xff00U) >> 8) : __swap16md(lin.sin_port )) >= IPPORT_RESERVED1024) { | |||
1723 | close(conffd); | |||
1724 | conffd = -1; | |||
1725 | slowdowntill = 0; | |||
1726 | } | |||
1727 | } else if (pfd[PFD_CONFFD3].revents & (POLLIN0x0001|POLLHUP0x0010)) | |||
1728 | do_config(); | |||
1729 | if (pfd[PFD_TRAPFD4].revents & (POLLIN0x0001|POLLHUP0x0010)) | |||
1730 | read_configline(trapcfg); | |||
1731 | if (pfd[PFD_SYNCFD2].revents & (POLLIN0x0001|POLLHUP0x0010)) | |||
1732 | sync_recv(); | |||
1733 | if (pfd[PFD_GREYBACK5].revents & (POLLIN0x0001|POLLHUP0x0010)) | |||
1734 | blackcheck(greyback[1]); | |||
1735 | } | |||
1736 | exit(1); | |||
1737 | } | |||
1738 | ||||
1739 | void | |||
1740 | blackcheck(int fd) | |||
1741 | { | |||
1742 | struct sockaddr_storage ss; | |||
1743 | ssize_t nread; | |||
1744 | void *ia; | |||
1745 | char ch; | |||
1746 | ||||
1747 | /* Read sockaddr from greylister and look it up in the blacklists. */ | |||
1748 | nread = recv(fd, &ss, sizeof(ss), 0); | |||
1749 | if (nread == -1) { | |||
1750 | syslog(LOG_ERR3, "%s: recv: %m", __func__); | |||
1751 | return; | |||
1752 | } | |||
1753 | if (nread != sizeof(struct sockaddr_in) && | |||
1754 | nread != sizeof(struct sockaddr_in6)) { | |||
1755 | syslog(LOG_ERR3, "%s: invalid size %zd", __func__, nread); | |||
1756 | return; | |||
1757 | } | |||
1758 | if (ss.ss_family == AF_INET2) { | |||
1759 | ia = &((struct sockaddr_in *)&ss)->sin_addr; | |||
1760 | } else if (ss.ss_family == AF_INET624) { | |||
1761 | ia = &((struct sockaddr_in6 *)&ss)->sin6_addr; | |||
1762 | } else { | |||
1763 | syslog(LOG_ERR3, "%s: bad family %d", __func__, ss.ss_family); | |||
1764 | return; | |||
1765 | } | |||
1766 | ch = sdl_check(blacklists, ss.ss_family, ia) ? '1' : '0'; | |||
1767 | ||||
1768 | /* Send '1' for match or '0' for no match. */ | |||
1769 | if (send(fd, &ch, sizeof(ch), 0) == -1) { | |||
1770 | syslog(LOG_ERR3, "%s: send: %m", __func__); | |||
1771 | return; | |||
1772 | } | |||
1773 | } |